The various macros to do checks in system call handlers all
implictly would generate a kernel oops if a check failed.
This is undesirable for a few reasons:
* System call handlers that acquire resources in the handler
have no good recourse for cleanup if a check fails.
* In some cases we may want to propagate a return value back
to the caller instead of just killing the calling thread,
even though the base API doesn't do these checks.
These macros now all return a value, if nonzero is returned
the check failed. K_OOPS() now wraps these calls to generate
a kernel oops.
At the moment, the policy for all APIs has not changed. They
still all oops upon a failed check/
The macros now use the Z_ notation for private APIs.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
To avoid another thread from modifying the spi_buf_set and spi_config
structures passed to the spi_transceive() syscall, copy those to the
kernel stack before validating.
Fixes#7378.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Driver APIs might not implement all operations, making it possible for
a user thread to get the kernel to execute a function at 0x00000000.
Perform runtime checks in all the driver handlers, checking if they're
capable of performing the requested operation.
Fixes#6907.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
tx_bufs/tx_count and rx_bufs/rx_count can be hold in another dedicated
structure, thus reducing the number of parameters to transceive. This
permits to avoid using the stack when calling transceive.
Since we saved parameters, we can expose back the struct device pointer,
to stay consistent with other device driver APIs.
Fixes#5839
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
As the content of this struct will not be modified by drivers, it's
better to pass it as constant. Also, if someday struct device can be
made contant too, this change will make spi ready for registering the
spi_config into ROM directly.
Fixes#5839
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
spi_transceive_async() omitted as we don't support k_poll objects
in user mode (yet).
The checking for spi_transceive() is fairly complex as we have to
validate the config struct passed in along with device instances
contained within it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Andrew Boie